User's Guide
What It Is
What's New
Key Features List
ClearBox Enterprise vs ClearBox
System Requirements
Purchasing Licenses
Getting Started
Quick Start
Understanding Server Components
Managing User Accounts
Configuring RADIUS Realms
Realm Settings
Realm Rules
Dynamic Realm Rules
Authentication Protocols Compatibility
Logging Authentication Packets
Logging Discarded Requests
Account Log Files
Realm Settings
Configuring SQL Queries
Private RADIUS Attributes
Regular Expressions Syntax
RADIUS Clients
RADIUS Client Settings
Dynamic Clients Settings
SQL Data Sources
SQL Data Source Settings
LDAP Servers
LDAP Server Settings
Remote RADIUS Servers
Remote RADIUS Server Settings
State Servers
State Server Settings
Meta Configuration
Meta Configuration
Meta Configuration Settings
Meta Base Schema
TLS Settings
Creating SSL Certificates
Creating Server Sertificate
Requesting Server Certificate
Creating Client Certificates
Revoking a Certificate or Renewing CRL
Exporting CA Certificate
Issuing a Certificate in Active Directory CA
Remote Configuration
Advanced ISP Billing Integration
DTH Billing Integration
Platypus Billing System Intergration
OnDO SIP Server Integration
How Do I...
Wi-Fi Security
Wireless Authentication
Wi-Fi and RADIUS
Supported EAP Authentication Types
Security Considerations
10 Tips for Wireless Network Security
Administering the Server
Debug Logs
Using Client Tool
List of Server Errors
Maintaining RADIUS Dictionary
Basic Concepts
Wireless Authentication
Authentication Protocols
RADIUS Attributes
Example of RADIUS Packet Transactions
List of Standard RADIUS Attributes
Technical Support
Purchasing Licenses

ClearBox Enterprise Server 2.0 Online Manual
Prev Page Next Page
ClearBox Enterprise Serverâ„¢ 2.0. User's Guide

Issuing a Certificate in Active Directory CA

This article explains how a certificate to use by ClearBox may be issued. The requirement is that there's a certificate authority installed.

Run certreq.exe from the command line:

Specify the location of a certificate request file (read about creating it here) and click OK. Select an appropriate CA from the list and click OK. New request is sent.

Now run Certification Authority snap-in from Administrative Tools folder. Select 'Pending Requests' item:

You will find new pending request here in the list. Before issuing it, the necessary 'Enhanced Key Usage' extension should be added to make this certificate suitable for wireless authentication. Create a new text file (let's name it eku.txt) with this single text line:

30 0a 06 08 2b 06 01 05 05 07 03 01

It means 'Server authentication' expressed in hexadecimal form. Now run this from the command line:

certutil -setextension [request id here] 0 @eku.txt

Instead of [request id here] you should place the real request id (on the screenshot above, it is 14. In your system you'll get different values).

Now you may right-click the request, select All tasks, View attributes/Extensions... You request should have this extension now:

Right-click the request and select All tasks, Issue. If everything was done well, you'll find this request among Issued Certificates. Now double-click it, select Details tab and click Copy to File...:

Export Wizard is launched. Click Next and select Base-64 encoded X.509:

Click Next, specify the exported certificate file name and click Finish.

Now you may install the RADIUS server certificate as described here.

© 2001-2007 XPerience Technologies.
Converted from CHM to HTML with chm2web Pro 2.7 (unicode)